<?PHP
include "connect.php";
session_start();
$user=$_SESSION['user'];
$selectuser="SELECT * from b_users a, b_templates b where b.templateid=a.templateclass and a.username='$user'";
$selectuser2=mysql_query($selectuser);
$selectuser3=mysql_fetch_array($selectuser2);
print "<link rel='stylesheet' href='style.css' type='text/css'>";

if ($selectuser3[status]>=3)
   {
     print "<br><br><br><br><table border='0'>";
     print "<tr><td valign='top'><center>";
     print "<table width='70%' border='0' class='maintable'>";
     print "<tr class='headline'><td width='300px'>Admin Options";
     print "</td></tr>";
     print "<tr class='forumrow'><td>";
     include "adminleft.php";
     print "</td></tr></table></center></td>";
     print "<td valign='top' width='75%'><p align='left'>";
     print "<table width='70%' border='0' class='maintable'>";
     print "<tr class='headline'><td>Edit User";
     print "</td></tr>";
     print "<tr class='forumrow'><td>";
     if(isset($_POST['submit']))
     {
       $userid=$_POST['userid'];
       $getuserinfo="SELECT * from b_users where userID='$userid'";
       $getuserinfo2=mysql_query($getuserinfo) or die("Could not grab user info");
       $getuserinfo3=mysql_fetch_array($getuserinfo2);
       if($selectuser3[status]>$getuserinfo3[status] || $selectuser3[userID]==$getuserinfo3[userID])
       {
          $userid=$_POST['userid'];
          $username=$_POST['username'];
          $password=$_POST['password'];
          $userstatus=$_POST['userstatus'];
		  $rep=$_POST['rep'];
		  $point=$_POST['point'];
          $email=$_POST['email'];
		  //*
		  $rank=$_POST['rank'];
		  $rank = preg_replace("(\[color=(.+?)\](.+?)\[\/color\])is","<font color=\"$1\">$2</font>",$rank);
          //*
		  $buff=$_POST['buff'];
		  $money=$_POST['money'];
		  $char=$_POST['char'];
          $isbanned=$_POST['isbanned'];
          $sig=$_POST['sig'];
          if(strlen($password)<1)
          {
             $updateaccount="update b_users set username='$username', status='$userstatus', email='$email', rank='$rank', banned='$isbanned', sig='$sig', charid='$char', honours='$rep', points='$point', buff='$buff', money='$money' where userID='$userid'";
             mysql_query($updateaccount) or die("Could not update account");
             print "Account updated, password not changed. Done!<br><br><a href='usermn.php'>Back to User Management</a><br><br>";
          }
          else
          {
             $password2=md5($password);
             $updateaccount="update b_users set username='$username',password='$password2', status='$userstatus', email='$email', rank='$rank', banned='$isbanned', sig='$sig', charid='$char', honours='$rep', points='$point', buff='$buff', money='$money' where userID='$userid'";
             mysql_query($updateaccount) or die("Could not update account");
             print "Account updated, forum account password changed, "; 
		     $deluser2="update accounts set password='$password' where login='$username'";
             mysql_query($deluser2) or die("Could not update server acc pass");
             print "<br>server account password changed. Done!<br><br><a href='usermn.php'>Back to User Management</a><br><br>";
          }

       }
       else
       {
         print "You cannot edit someone's whose permissions are the same or higher than yours.";       
       }
     }
     else if(isset($_GET['userID']))
     {        
       $userid=$_GET['userID'];
       $getuserinfo="SELECT * from b_users where userID='$userid'";
       $getuserinfo2=mysql_query($getuserinfo) or die("Could not grab user info");
       $getuserinfo3=mysql_fetch_array($getuserinfo2);
       print "<form action='edituser.php' method='post'>";
       print "<input type='hidden' name='userid' value='$userid'><input type='hidden' name='username' value='$getuserinfo3[username]'>";
       print "Username: ";
       print "<strong>$getuserinfo3[username]</strong><br><br>";
       print "Password: (leave blank if no change, if entered new it will update forum and server acc)<br>";
       print "<input type='password' name='password'><br><br>";
       if ($getuserinfo3[status]==4)
       {
          print "Status: Head Admin<br>";
          print "<input type='hidden' name='userstatus' value='4'><br>";
       }
       else
       {
         print "Status:<br>";
         $getstatus=getstatus($getuserinfo3[status]);
         print "<select name='userstatus'>";
         print "<option value='$getuserinfo3[status]'>$getstatus</option>";
         print "<option value='0'>Players</option><br>";
         print "<option value='1'>GM</option><br>";
         print "<option value='2'>Supermoderator</option><br>";
         print "<option value='3'>Administrator</option><br>";
         print "</select><br><br>";
       }
       print "E-mail:<br>";
       print "<input type='text' name='email' value='$getuserinfo3[email]'><br><br>";
       print "Forum Rank: (Put 0 if you want it to be determined by # of posts, this is not PVP Rank,<br>";
	   print "1 BBCode is active, example: [color=lime]Game Master[/color])<br>";
	   $frank=$getuserinfo3[rank];
	   //convert to bbcode
       $frank = preg_replace("(\<font color=\"(.+?)\">(.+?)\</font>)is","[color=$1]$2[/color]",$frank);
       print "<input type='text' name='rank' value='$frank'><br><br>";
	   
	   print "Reputation:<br>";
       print "<input type='text' name='rep' value='$getuserinfo3[honours]'><br><br>";
	   print "Points:<br>";
       print "<input type='text' name='point' value='$getuserinfo3[points]'><br><br>";
	   print "Buff Points:<br>";
       print "<input type='text' name='buff' value='$getuserinfo3[buff]'><br><br>";
	   print "Money in Bank: (can be tranferred to characters, modify this if you want reward someone,<br>";
	   print "format example: 43325697 means: 4332gold 56silver 97 copper)<br>";
       print "<input type='text' name='money' value='$getuserinfo3[money]'><br><br>";
	     
       print "Is this user banned from posting? $getuserinfo3[banned] at this moment.<br>";
       print "<select name='isbanned'>";
       print "<option value='No'>No</option><br>";
       print "<option value='Yes'>Yes</option><br>";
       print "</select><br><br>";
	   
		  $SQLwow ="SELECT * from accounts where login='$getuserinfo3[username]'";
		  $SQLwow2=mysql_query($SQLwow) or die("Could not get user char info".mysql_error());
		  $SQLwow3=mysql_fetch_array($SQLwow2);
		  $accid=$SQLwow3[acct];
		  
		  $SQLawow ="SELECT * from characters where acct='$accid'";
		  $SQLawow2=mysql_query($SQLawow) or die("Could not get user char info2");
		  print "Select Character: (now selected char: id $getuserinfo3[charid])<br>";
	      print "<select name='char'>";
		  print "<option value='0'>0 - (No Character)</option><br>";
		  while ($SQLawow3=mysql_fetch_array($SQLawow2))
		     {
			 if ($SQLawow3[guid]==$getuserinfo3[charid]) {
			        print "<option selected='selected' value='$SQLawow3[guid]'>$SQLawow3[guid] - $SQLawow3[name] lvl $SQLawow3[level]</option><br>";
		   } else  {
			        print "<option value='$SQLawow3[guid]'>$SQLawow3[guid] - $SQLawow3[name] lvl $SQLawow3[level]</option><br>";
			       }
			 }
		  print "</select><br><br>";
	   
       print "Signature:<br>";
       print "<textarea name='sig' rows='5' cols='40'>$getuserinfo3[sig]</textarea><br><br>";
       print "<input type='submit' name='submit' value='Edit This user'></form>";

     }
     else
     {
        print "You did not select a user to Edit.";

     }
     print "</td></tr></table></p>";
     print "</td></tr></table>";    
     print "</center>";
   }
else
   {
     print "<table width='70%' border='0'>";
     print "<tr class='headline'><td><center>Not logged in as Admin</td></tr>";
     print "<tr class='forumrow'><td>";
     print "You are not logged in as Administrator, please log in.";
     print "<form method='POST' action='../authenticate.php'>";
     print "Type Username Here: <input type='text' name='username' size='15'><br>";
     print "Type Password Here: <input type='password' name='password' size='15'><br>";
     print "<input type='submit' value='submit' name='submit'>";
     print "</form>";
     print "</td></tr></table>";
   }

?>
<?php
function getstatus($statnum)
{
  
  if ($statnum==0)
  {
     return "Players";
  }
  else if($statnum==1)
  {
     return "GM's";
  }
  else if($statnum==2)
  {
    return "Supermoderators";
  }
  else if($statnum==3)
  {
    return "Administrators";
  }
}
?>
